If you recently updated your penetration testing environment, it’s
possible you were greeted with a special surprise. Cobalt Strike and its
team server will no longer start.
Instead of Cobalt Strike, you’re now greeted with this very intuitive and helpful error: The Parallel GC can not be combined with -XX:ParallelGCThreads=0.
I’ve had a few emails about this. My first answer: I have no idea
what that means. Now, I have an answer! This is a known bug in Java
1.8u131. This recent update to Oracle’s Java introduces a change that
breaks the -XX:+AggressiveHeap command line option
Cobalt Strike uses. This command line option is not uncommon in the Java
world and other applications are affected.
The Java team is aware of this bug
and it has a priority level 2. This is the level reserved for Crashes,
losses of data, and severe memory leaks. They’re taking it seriously and
I expect this problem to go away in a coming Java update.
On Linux, one way to work around this Oracle Java bug is to update the cobaltstrike and teamserver scripts to specify the -XX:ParallelGCThreads=8 option after the java command.
I advise that you stay away from Oracle Java 1.8u131. If you already updated to Java 1.8u131, then downgrade to Java 1.8u121.
What about OpenJDK? I continue to recommend Oracle’s
Java distribution for use with Cobalt Strike. Oracle’s Java
distributions go through a series of acceptance tests to make sure the
build is sane. This isn’t always the case with OpenJDK builds/packages.
This has led to serious issues in the past.
本文出自 RedFree's Blog，转载时请注明出处及相应链接。